mysteelmeeting

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Mysteel conference search helper; its main caveat is that broad trigger phrases could run a disclosed web query when the user intended a more general meeting question.

Install only if you are comfortable with the agent sending conference-search terms to huizhan.mysteel.com and keeping small local cache files. Use explicit prompts such as asking to search Mysteel meetings to avoid accidental activation from generic meeting or location wording.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The trigger list is broad and includes generic phrases like '查询会议' and location/industry keywords that can match ordinary conversation, causing the skill to activate unexpectedly. Over-broad activation can lead to unintended network requests, disclosure of user intent to a third-party service, and routing away from the user's actual task.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal